VPN Ufficio: differenze tra le versioni
Da Webmobili Wiki.
Nessun oggetto della modifica |
Nessun oggetto della modifica |
||
| (8 versioni intermedie di un altro utente non mostrate) | |||
| Riga 1: | Riga 1: | ||
IP PUBBLICO Vodafone 5.89.205.138 | |||
Con il nuovo ufficio è stato installato un '''nuovo firewall''' che ci permette di avere una VPN. | Con il nuovo ufficio è stato installato un '''nuovo firewall''' che ci permette di avere una VPN. | ||
== Windows == | |||
Al momento la VPN è configurata solo per gli ''utenti Windows''. | Al momento la VPN è configurata solo per gli ''utenti Windows''. | ||
Funziona eseguendo il seguente '''script''' | Scaricare [[Media:Webmobili-VPN-Certificato.zip]] | ||
Funziona eseguendo il seguente '''script batch'''<br/> | |||
(eseguire nella stessa cartella del certificato <code>RemoteAccess_Windows_IPSec_VPN.crt</code> appena scaricato ed estratto) | |||
<syntaxhighlight lang="batch"> | <syntaxhighlight lang="batch"> | ||
@echo off | @echo off | ||
set Name=" | set Name="Webmobili" | ||
set ServerAddress="nebula-67deeefb.d2ns-nbl.com" | set ServerAddress="nebula-67deeefb.d2ns-nbl.com" | ||
set TunnelType="IKEv2" | set TunnelType="IKEv2" | ||
| Riga 68: | Riga 72: | ||
powershell -ExecutionPolicy Bypass -command "Set-VpnConnectionIPsecConfiguration -ConnectionName %Name% -EncryptionMethod %IKEEnc% -IntegrityCheckMethod %IKEAuth% -DHGroup %IKEKey% -CipherTransformConstants %ESPEnc% -AuthenticationTransformConstants %ESPAuth% -PfsGroup %ESPPfs% -Force" | powershell -ExecutionPolicy Bypass -command "Set-VpnConnectionIPsecConfiguration -ConnectionName %Name% -EncryptionMethod %IKEEnc% -IntegrityCheckMethod %IKEAuth% -DHGroup %IKEKey% -CipherTransformConstants %ESPEnc% -AuthenticationTransformConstants %ESPAuth% -PfsGroup %ESPPfs% -Force" | ||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '10.13.17.0/24' -PassThru" | powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '10.13.17.0/24' -PassThru" | ||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '104.40.169.32/29' -PassThru" | |||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '13.69.112.168/29' -PassThru" | |||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '52.236.184.32/29' -PassThru" | |||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '20.61.99.192/27' -PassThru" | |||
powershell -ExecutionPolicy Bypass -command "Write-Host \"Create the %Name% VPN connection\"" | powershell -ExecutionPolicy Bypass -command "Write-Host \"Create the %Name% VPN connection\"" | ||
pause | pause | ||
| Riga 76: | Riga 84: | ||
powershell -ExecutionPolicy Bypass -command "Set-VpnConnectionIPsecConfiguration -ConnectionName %Name% -EncryptionMethod %IKEEnc% -IntegrityCheckMethod %IKEAuth% -DHGroup %IKEKey% -CipherTransformConstants %ESPEnc% -AuthenticationTransformConstants %ESPAuth% -PfsGroup %ESPPfs% -Force" | powershell -ExecutionPolicy Bypass -command "Set-VpnConnectionIPsecConfiguration -ConnectionName %Name% -EncryptionMethod %IKEEnc% -IntegrityCheckMethod %IKEAuth% -DHGroup %IKEKey% -CipherTransformConstants %ESPEnc% -AuthenticationTransformConstants %ESPAuth% -PfsGroup %ESPPfs% -Force" | ||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '10.13.17.0/24' -PassThru" | powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '10.13.17.0/24' -PassThru" | ||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '104.40.169.32/29' -PassThru" | |||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '13.69.112.168/29' -PassThru" | |||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '52.236.184.32/29' -PassThru" | |||
powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '20.61.99.192/27' -PassThru" | |||
powershell -ExecutionPolicy Bypass -command "Write-Host \"Updated the %Name% VPN connection\"" | powershell -ExecutionPolicy Bypass -command "Write-Host \"Updated the %Name% VPN connection\"" | ||
pause | pause | ||
| Riga 81: | Riga 93: | ||
exit /b | exit /b | ||
</syntaxhighlight> | |||
==== Eliminare VPN ==== | |||
Per eliminare/disinstallare tutto quello che è stato fatto usare il seguente '''script batch''' | |||
<syntaxhighlight lang="batch"> | |||
@echo off | |||
setlocal | |||
set Name="Webmobili" | |||
set CertSubject="CN=RemoteAccess_Windows_IPSec_VPN" | |||
:: Verifica privilegi amministrativi | |||
call :isAdmin | |||
if %errorlevel% neq 0 ( | |||
echo Richiesti privilegi amministrativi per rimuovere la VPN e il certificato. | |||
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs" | |||
echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" admin", "", "runas", 1 >> "%temp%\getadmin.vbs" | |||
"%temp%\getadmin.vbs" | |||
del "%temp%\getadmin.vbs" | |||
exit /b | |||
) | |||
:: Rimozione connessione VPN | |||
powershell -ExecutionPolicy Bypass -Command "if (Get-VpnConnection -Name %Name% -ErrorAction SilentlyContinue) { Remove-VpnConnection -Name %Name% -Force; Write-Host 'VPN rimossa' } else { Write-Host 'VPN non trovata' }" | |||
:: Rimozione certificato CA dal certificato root | |||
powershell -ExecutionPolicy Bypass -Command ^ | |||
"$certs = Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq '%CertSubject%' }; ^ | |||
if ($certs) { $certs | Remove-Item -Force; Write-Host 'Certificato rimosso' } else { Write-Host 'Certificato non trovato' }" | |||
pause | |||
exit /b | |||
:isAdmin | |||
fsutil dirty query %systemdrive% >nul 2>&1 | |||
exit /b | |||
</syntaxhighlight> | </syntaxhighlight> | ||
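Review bot: The certificate-removal step of the new uninstall script (the `powershell -ExecutionPolicy Bypass -Command ^` lines) most likely never runs as written. The `^` at the end of the `"$certs = ...` line sits inside an open double quote, where cmd treats it as a literal character and not as a line continuation, so the following `if ($certs) { ... }` line is parsed by cmd itself. The CA would then remain in `Cert:\LocalMachine\Root` after an uninstall that appears to have finished. Put the whole PowerShell command on a single line and define the subject without embedded quotes, `set "CertSubject=CN=RemoteAccess_Windows_IPSec_VPN"`. Separately, the added download step gives the reader no fingerprint to compare with `certutil -hashfile RemoteAccess_Windows_IPSec_VPN.crt SHA256` before the file is imported as a trusted root; the import line itself lies outside the visible hunks.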
Versione attuale delle 16:50, 3 giu 2025
IP PUBBLICO Vodafone 5.89.205.138
Con il nuovo ufficio è stato installato un nuovo firewall che ci permette di avere una VPN.
Windows
Al momento la VPN è configurata solo per gli utenti Windows.
Scaricare Media:Webmobili-VPN-Certificato.zip
Funziona eseguendo il seguente script batch
(eseguire nella stessa cartella del certificato RemoteAccess_Windows_IPSec_VPN.crt appena scaricato ed estratto)
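@echo off
:: Installs the office VPN CA certificate into the machine's trusted root store
:: (elevated step) and then creates or updates the IKEv2 VPN connection.
:: Run it from the folder that holds RemoteAccess_Windows_IPSec_VPN.crt.
::
:: Flow: a non-elevated run relaunches itself elevated with the argument
:: "admin_session" to import the certificate, then configures the VPN in the
:: original (non-elevated) session. A run that is already elevated only imports
:: the certificate and exits; run it again without elevation to get the VPN.
setlocal

set Name="Webmobili"
set ServerAddress="nebula-67deeefb.d2ns-nbl.com"
set TunnelType="IKEv2"
set AuthenticationMethod="EAP"
set EncryptionLevel="Required"
:: Not referenced by any command below.
set UseWinlogonCredential=$False
:: Only applied when the connection is first created (:AddVPN).
set RememberCredential=$True
:: Split tunnelling: only the prefixes added in :ApplyPolicyAndRoutes are routed
:: through the tunnel.
set SplitTunneling=$True
set IKEEnc="AES256"
set IKEAuth="SHA256"
set IKEKey="Group14"
set ESPEnc="AES256"
set ESPAuth="SHA256"
:: NOTE(review): PfsGroup None means no perfect forward secrecy for the ESP
:: child SAs. The value presumably has to match the firewall's policy, so
:: change both sides together.
set ESPPfs="None"

:: Thumbprint (40 hex digits, no spaces) of the genuine CA certificate, obtained
:: from IT through a channel other than the download itself. The page does not
:: state it, so it is left empty here; while empty, the certificate is imported
:: unchecked, as before. Anything imported into LocalMachine\Root is trusted
:: machine-wide, so filling this in is strongly advised.
set "ExpectedThumbprint="

:: Installing CA certificate requires Administrator privileges.
call :isAdmin

:: Check Administrator privileges and run alternative action
if %errorlevel% == 0 (
    goto :run
) else if "%~1" == "admin_session" (
    goto :run
) else if %errorlevel% == 1 (
    goto :UACPrompt
) else (
    echo "Could not get administrative privileges"
    pause
    exit /b
)

:: Returns errorlevel 0 when elevated: fsutil dirty query fails without
:: administrative rights.
:isAdmin
fsutil dirty query %systemdrive% >nul 2>&1
exit /b

:: Elevated part: import the CA certificate that sits next to this script.
:run
:: Quoted so that a script folder containing spaces or '&' still works.
cd /d "%~dp0"
powershell -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command "$f = (Get-Item -LiteralPath '.\RemoteAccess_Windows_IPSec_VPN.crt' -ErrorAction Stop).FullName; $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $f; if ($env:ExpectedThumbprint -and ($c.Thumbprint -ne $env:ExpectedThumbprint)) { Write-Host ('Thumbprint mismatch, certificate NOT imported: ' + $c.Thumbprint); exit 1 }; if (-not $env:ExpectedThumbprint) { Write-Host ('No expected thumbprint configured; importing certificate with thumbprint ' + $c.Thumbprint) }; Import-Certificate -FilePath $f -CertStoreLocation Cert:\LocalMachine\Root"
:: Keep the elevated window open on failure so the message can be read.
if errorlevel 1 (
    pause
    exit /b 1
)
exit /b

:: Non-elevated part: relaunch this script elevated for the certificate import,
:: then fall through to the VPN configuration in the current session.
:UACPrompt
echo Requesting administrative privileges to install the IKEv2 VPN CA certificate...
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" admin_session", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
echo "Install the IKEv2 VPN CA certificate..."

:: Exit code 0 means the connection already exists, so update it instead of adding.
powershell -NoProfile -ExecutionPolicy Bypass -command "Get-VpnConnection -Name %Name% -ErrorAction SilentlyContinue"
if %errorlevel% == 0 (
    goto :UpdateVPN
) else (
    goto :AddVPN
)

:AddVPN
powershell -NoProfile -ExecutionPolicy Bypass -command "Add-VpnConnection -Name %Name% -ServerAddress %ServerAddress% -TunnelType %TunnelType% -EncryptionLevel %EncryptionLevel% -AuthenticationMethod %AuthenticationMethod% -Force"
powershell -NoProfile -ExecutionPolicy Bypass -command "Set-VpnConnection -Name %Name% -SplitTunneling %SplitTunneling% -RememberCredential %RememberCredential% -Force"
call :ApplyPolicyAndRoutes
powershell -NoProfile -ExecutionPolicy Bypass -command "Write-Host \"Create the %Name% VPN connection\""
pause
exit /b

:UpdateVPN
powershell -NoProfile -ExecutionPolicy Bypass -command "Set-VpnConnection -Name %Name% -ServerAddress %ServerAddress% -TunnelType %TunnelType% -EncryptionLevel %EncryptionLevel% -AuthenticationMethod %AuthenticationMethod% -SplitTunneling %SplitTunneling% -Force"
call :ApplyPolicyAndRoutes
powershell -NoProfile -ExecutionPolicy Bypass -command "Write-Host \"Updated the %Name% VPN connection\""
pause
exit /b

:: Shared by :AddVPN and :UpdateVPN: sets the IKE/ESP proposal and adds the
:: split-tunnel routes (the office LAN plus four public prefixes).
:ApplyPolicyAndRoutes
powershell -NoProfile -ExecutionPolicy Bypass -command "Set-VpnConnectionIPsecConfiguration -ConnectionName %Name% -EncryptionMethod %IKEEnc% -IntegrityCheckMethod %IKEAuth% -DHGroup %IKEKey% -CipherTransformConstants %ESPEnc% -AuthenticationTransformConstants %ESPAuth% -PfsGroup %ESPPfs% -Force"
powershell -NoProfile -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '10.13.17.0/24' -PassThru"
powershell -NoProfile -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '104.40.169.32/29' -PassThru"
powershell -NoProfile -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '13.69.112.168/29' -PassThru"
powershell -NoProfile -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '52.236.184.32/29' -PassThru"
powershell -NoProfile -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '20.61.99.192/27' -PassThru"
exit /b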
Eliminare VPN
Per eliminare/disinstallare tutto quello che è stato fatto usare il seguente script batch
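@echo off
:: Removes the VPN connection and deletes the VPN CA certificate from the
:: machine's trusted root store. Relaunches itself elevated when needed.
setlocal
set Name="Webmobili"
:: No embedded quotes: the value is substituted into a single-quoted PowerShell
:: string below, and stray double quotes there would split the command line.
set "CertSubject=CN=RemoteAccess_Windows_IPSec_VPN"

:: Check for administrative privileges
call :isAdmin
if %errorlevel% neq 0 (
    echo Richiesti privilegi amministrativi per rimuovere la VPN e il certificato.
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" admin", "", "runas", 1 >> "%temp%\getadmin.vbs"
    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
    exit /b
)

:: Remove the VPN connection.
:: NOTE(review): this runs in the elevated session. If elevation used a
:: different account than the one that created the connection, the lookup
:: presumably reports "VPN non trovata" - confirm, and remove the connection
:: from the original user's session in that case.
powershell -NoProfile -ExecutionPolicy Bypass -Command "if (Get-VpnConnection -Name %Name% -ErrorAction SilentlyContinue) { Remove-VpnConnection -Name %Name% -Force; Write-Host 'VPN rimossa' } else { Write-Host 'VPN non trovata' }"

:: Remove the CA certificate from the trusted root store.
:: Kept on one line: a caret inside an open double quote is a literal character
:: in cmd, not a line continuation, so the command cannot be split across
:: lines from within the quoted string.
:: Every certificate in LocalMachine\Root whose subject equals CertSubject is deleted.
powershell -NoProfile -ExecutionPolicy Bypass -Command "$certs = Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq '%CertSubject%' }; if ($certs) { $certs | Remove-Item -Force; Write-Host 'Certificato rimosso' } else { Write-Host 'Certificato non trovato' }"

pause
exit /b

:: Returns errorlevel 0 when elevated: fsutil dirty query fails without
:: administrative rights.
:isAdmin
fsutil dirty query %systemdrive% >nul 2>&1
exit /b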